package pers.zb.cloud.web.upms.config;

import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableOAuth2Sso
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        /**
         * 该配置的作用，问题显现：
         *      项目中html页面用到iframe嵌入网页，然后默认被springsecurity拦截了 浏览器报错  x-frame-options deny，原因是因为springSecurty使用X-Frame-Options防止网页被Frame
         */
        http.headers().frameOptions().disable();
        http.csrf().disable();
        http.antMatcher("/**")
                .authorizeRequests()
                .antMatchers("/login**","/static/**")
                .permitAll()
                .anyRequest()
                .authenticated();
    }
}
